funsec mailing list archives

Re: EFI and security


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 15 Mar 2006 14:36:40 GMT

Larry,

One word: Rootkit.  ;-)

- ferg

-- "Larry Seltzer" <larry () larryseltzer com> wrote:

There's been a lot of noise lately about Microsoft pulling EFI support from
the initial versions of Windows Vista
(http://www.eweek.com/article2/0,1895,1937668,00.asp - actually UEFI). EFI
and UEFI are the next-generation replacements for the BIOS and are (here's
the key to my inquiry) extensible. Essentially, it can provide for
OS-independent device drivers with a standard driver interface to the
operating system.

Here are some links:
        Intel: http://www.intel.com/technology/efi/
        Microsoft: http://support.microsoft.com/?kbid=303956
        Wikipedia: http://en.wikipedia.org/wiki/Extensible_Firmware_Interface
        The Unified EFI Forum: http://www.uefi.org/

The Microsoft delay is more a business matter having to do with OEMs not
wanting to adopt the new spec. The new Intel-based Apple systems do use
UEFI. The original EFI is an Intel spec; UEFI is a newer one released to the
UEFI forum to make it less of an Intel-Inside thing.

I haven't read the specs closely enough, but since it can be extended
through software that loads prior to the OS boot I'm curious about the
security implications. The UEFI forum has this in their FAQ:

        Q:      Does UEFI increase security risks from viruses and the like?
        A:      Any firmware implementation has to take care to address security.
                UEFI does not change that for better or worse.

That's very nice, but it's basically just an assertion that nothing has
changed when it has, of course. 

Has anyone looked at this more carefully? Will we have to start running UEFI
anti-virus software? Or do we just say that this software is trusted and
leave it at that?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.